#!/usr/bin/perl
# 
# CGI-BIN script to show an "user page" for a person
# with all that he has registered
# This is a copy that defeats the "have key" criteria....ugly!
#
# Parameters: key=Key (number-random) of user.
#
use Counter;
use CGI::Carp;
use Counter::CGI;
use CounterCGI;
use Fcntl;

$] > 5.008 && binmode(STDOUT, ":utf8"); # set web page output to utf-8
$q = new Counter::CGI;

my $sessid = $q->cookie("PHPSESSID");
my $session = PHP::Session->new($sessid, { create => 1 });

for $name ($q->param()) {
    $entry{$name} = $q->param($name);
}
$users = Counter::open(O_RDWR);
$persons = Counter::openfile("persons");

# Check if there was a key or email address as input
if ($entry{"key"}) {
    $key = $entry{"key"};
    if (($key !~ m/^\d+$/) && ($key !~ /@/)) {
       CounterCGI::returnwithmessage($q, __("You entered an incorrect key"));
    }
} else {
    CounterCGI::returnwithmessage($q, __("You have to specify a key"));
}

# Check if the user pushed Show rather than Edit
if ($entry{"show"}) {
    print $q->redirect("http://$ENV{SERVER_NAME}/cgi-bin/adm/display-person.cgi?user=$entry{key}");
    exit(0);
} elsif ($entry{"newshow"}) {
    print $q->redirect("https://$ENV{SERVER_NAME}//adm/display-person.php?user=$
	    entry{key}");
    exit(0);
}

# Remember - this is the ADMIN interface
if ($key =~ /^\d+-\d+$/) {
    warn "Getting on split key\n";
    ($index, $secret) = split("-", $key);
    $user = $users->get($index);
} elsif ($key =~ /@/) {
    $user = $users->getbyemail($key);
} else {
    $index = $key;
    $user = $users->get($index);
}
if (!defined($user)) {
    CounterCGI::returnwithmessage($q, __("No such user as") . " " . $key . " - " . __("try again") . "\n");
} else {
    $index = $user->key();
    warn "Entry $index found\n";
    $key = $user->{key};
}
if ($user->{state} eq "frozen") {
    warn "Admin show-user: Thawing entry $index\n";
    $user->thaw();
}
$person = $persons->get($index);
if (!defined($person)) {
    warn "show-user: $index - no person record\n";
    $noperson = 1;
}
#
# Here's the real stuff!
# Note that we put the userkey as a HIDDEN attribute - this is, of
# course, unsafe. Ought to use hashing and timestamps instead....
#
print <<EoF;
content-type: text/html; charset="utf-8"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
EoF
CounterCGI::pagehead(__("Linux Counter user page for UID") . " #$index");
print "<body bgcolor=white>\n";
CounterCGI::pagetop($q);
my $comment = formquote($$user{comment});

print "<table>\n";
print "<tr>\n<td><img src=\"/cgi-bin/certificate.cgi/", $index, "\"",
    "alt=\"", __("Registered Linux User"), " #", $index, "\" align=middle></td>\n";
print "<td><h1>",
    __("Registration for"), "<br> ", $person->{name}, "</h1></td>\n</tr>\n";
print "</table>\n";
print __("Administrative update form"), "\n";
print <<EoF;
<form method=post action="/cgi-bin/adm/userupdate.cgi">
<input type="hidden" name="database" value="$entry{database}">
<input type="hidden" name="key" value="$index">
EoF
print __("Admin Comment"), ":\n <input name=\"comment\" value=\"", $comment, "\" size=40>";

# Show the person info too

print "<HR>\n";
print "<h2>", __("Admin info"), "</h2>\n";
my $val = formquote($user->{email});
print "<iMG SRC=\"/gifs/greendot.gif\"><b>", __("Email address"), ":</b> <inPUT NAME=\"sendreplyto\" VALUE=\"$val\" SIZE=60 MAXLENGTH=160><br>\n";
print "<p>";
my $val = formquote($person->{"may_publish"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("May publish"), ":</B> <inPUT NAME=\"may_publish\" VALUE=\"$val\" SIZE=3 MAXLENGTH=4><br>\n";
print "<P>\n";
print "<hr>\n";
print "<h2>", __("Personal information"), "</h2>\n";

my $val = formquote($person->{"name"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("Name"), ":</B> <inPUT NAME=\"name\" VALUE=\"$val\" SIZE=40 MAXLENGTH=40><P>\n";
my $val = formquote($person->{"homepage"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("Homepage"), ":</B> <inPUT NAME=\"homepage\" VALUE=\"$val\" SIZE=40 MAXLENGTH=160><P>\n";

my $val = formquote($person->{"country"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("Country"), ":</B> <input NAME=\"country\" VALUE=\"$val\" SIZE=3 MAXLENGTH=10><p>\n";
my $val = formquote($person->{"state"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("State/province/department"), ":</B> <inPUT NAME=\"state\" VALUE=\"$val\" SIZE=40 MAXLENGTH=40><p>\n";
my $val = formquote($person->{"city"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("City"), ":</B> <inPUT NAME=\"city\" VALUE=\"$val\" SIZE=40 MAXLENGTH=40><p>\n";
my $val = formquote($person->{"email"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("Email"), ":</B> <inPUT NAME=\"email\" VALUE=\"$val\" SIZE=40 MAXLENGTH=160><p>\n";
my $val = formquote($person->{"started"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("Startdate"), ":</B> <inPUT NAME=\"started\" VALUE=\"$val\" SIZE=8 MAXLENGTH=9><p>\n";
my $val = formquote($person->{"usage"});
print "<iMG SRC=\"/gifs/yellowdot.gif\"><B>", __("Usage-place"), ":</B> <inPUT NAME=\"usage\" VALUE=\"$val\" SIZE=40 MAXLENGTH=40><p>\n";
print "<HR>\n";

print "<inPUT TYPE=\"reset\" VALUE=\"", __("Reset"), "\"> <inPUT TYPE=\"submit\" NAME=\"enter\" VALUE=\"", __("Enter data"), "!\"> <input type=submit name=\"delete\" value=\"", __("Delete person info"), "\"><p>\n";
print "</form>\n";
CounterCGI::pagebottom();

sub formquote {
    my $string = shift;

    $string =~ s/"/&quot;/g;
    return $string;
}

sub dieform {

    my $msg = shift;

    print <<EoF;
content-type: text/html; charset="utf-8"

<html>
<head>
EoF
print "<title>", __("Error message"), "</title>\n";
print <<EoF;
</head>
<body>
EoF
print "<h1>", __("Error"), "</h1>\n";
print __("Your request could not be completed.");
print "\n<p>\n";
print __("Reason"), ": $msg";
print <<EoF;
<p>
<!-- appropriate BACK buttons go here -->
</body>
EoF
    die "Error $msg\n";
}

